2/01/2024

Installing Tiny Tiny RSS (ttrss) Server on Debian (Apache/MariaDB) without Docker

I am running Apache and MariaDB. Installing TTRSS without Docker was fairly easy; here is an outline.

Set Up Database and User

In a SQL prompt:

CREATE USER 'ttrss'@localhost IDENTIFIED BY 'YourPasswordHere';

create database ttrss;
grant all privileges on ttrss.* to 'ttrss'@localhost;

Clone Git Repository

Go to the directory where ttrss should be running.
git clone https://git.tt-rss.org/fox/tt-rss.git .
chown -R www-data:www-data .

Create Database Schema

mysql --user=ttrss --password='YourPasswordHere' --database=ttrss
source sql/mysql/schema.sql
exit

Configuration

cp config.php-dist config.php

Edit config.php and add the following lines:
putenv('TTRSS_DB_HOST=localhost');
putenv('TTRSS_DB_NAME=ttrss');
putenv('TTRSS_DB_USER=ttrss');
putenv('TTRSS_DB_PASS=YourPasswordHere');
putenv('TTRSS_SELF_URL_PATH=http://your.serv.er/dir');
putenv('TTRSS_DB_TYPE=mysql');
putenv('TTRSS_DB_PORT=3306');

Update Database Schema

For some reason this was necessary, maybe the schema.sql above was outdated?

sudo -u www-data php ./update.php --update-schema

Create Service to Regularly Update Your Feeds

Put the following text into a new file named /etc/systemd/system/ttrss_backend.service:
[Unit]
Description=ttrss_backend
After=network.target mysql.service

[Service]
User=www-data
ExecStart=<path to your directory>/update_daemon2.php

[Install]
WantedBy=multi-user.target
Then activate and start the new service:
systemctl enable ttrss_backend
systemctl start ttrss_backend

Done

Ready to be accessed via the browser now. You can log in with admin/password. Do I need to mention that you should change the password?

A Little Security

You may want to add some security, such as a ModSecurity rule that prevents the admin account from logging in from external networks.

And a fail2ban configuration watching out for failed logins, with a filter like this:
# Fail2Ban filter for tt-rss
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]
failregex = ^.*Failed login attempt for .* from <HOST> .*$

ignoreregex =
Plus, of course, a jail definition using this filter.

To have TTRSS write to the Apache error log, you need to add this line to your config.php:
putenv('TTRSS_LOG_DESTINATION=');
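
A quick offline check of what the failregex above does and does not catch, as an added example that is not part of the original post. The log-line layout, the file path and the addresses are constructed assumptions, <HOST> is replaced by a simplified stand-in, and fail2ban's findtime window is ignored.

```python
import ipaddress
import re
from collections import Counter

# failregex copied from the filter above. fail2ban expands <HOST> itself; the
# \S+ group plus ipaddress validation below is a simplified stand-in for it.
FAILREGEX = r"^.*Failed login attempt for .* from <HOST> .*$"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\S+)"))

# Constructed sample lines in an assumed Apache/PHP error-log layout.
PREFIX = "[Tue Jan 02 10:00:0{n} 2024] [php:warn] [pid 811] PHP Warning:  "
TAIL = " in /srv/ttrss/example.php on line 1"
MESSAGES = [
    "Failed login attempt for admin from 203.0.113.7" + TAIL,
    "Failed login attempt for root from 203.0.113.7" + TAIL,
    "Failed login attempt for admin from 203.0.113.7" + TAIL,
    "Failed login attempt for bob from 2001:db8::5" + TAIL,
    "Undefined variable $feed" + TAIL,                    # unrelated warning
    "Failed login attempt for admin from 198.51.100.9",   # nothing after the address
]
SAMPLE = [PREFIX.format(n=i) + m for i, m in enumerate(MESSAGES)]


def failed_host(line):
    """Return the address the failregex extracts from one log line, or None."""
    match = PATTERN.match(line)
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group("host")))
    except ValueError:
        return None  # captured token is not an IP literal


def hosts_to_ban(lines, maxretry=3):
    """Addresses with at least maxretry matching lines."""
    counts = Counter(h for h in map(failed_host, lines) if h)
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for line in SAMPLE:
        print(failed_host(line), "<-", line)
    print("would ban:", hosts_to_ban(SAMPLE))
```

The last sample line is not matched because the failregex requires a space and further text after the address. On the server itself, running fail2ban-regex against the real log and the filter file shows whether your actual lines match.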


